In the early days of wireless telephony, most mobile devices such as cellular phones were embedded devices, e.g., special purpose devices having a fixed set of programs for performing a few dedicated functions. In recent years, mobile devices (e.g., “smart phones”) have evolved into general-purpose computing devices that can accept changes to existing functionality and add new functions. This can be achieved by updating existing programs and/or adding new programs to the devices.
It was often the case that the only legitimate source of new or modified programs for mobile devices were the device manufacturers and/or service carriers involved in creating and providing services to the devices. While this allows manufacturers and service providers to maintain close control over how the devices are used, consumers have been demanding their mobile devices perform a larger variety of functions. Some of these functions are highly specialized or targeted to small groups of users. As such, even if such features are compatible with existing devices and service networks, it may not be profitable for the manufacturers and service providers themselves to produce software that provides such features.
Recently, mobile software platforms have become more open to allowing application software developed by third parties to be installed and run. For example, there are large and active communities of application developers for mobile operating systems such as Symbian™, iPhone™ OS, and Android™. These communities of third-party developers may include trusted and non-trusted software vendors. Trusted developers may include businesses and other entities that participate in a certification program, or otherwise have strong motivations (e.g., legal liability) in making sure that the software they provide is safe and reliable.
Although a developer may be classified as untrusted, this does not necessarily imply that the developer's software is unsafe or unreliable, only that the safety of such software is unknown. While the use and availability of untrusted software may be troubling to those to whom security is the overriding concern (e.g., government, business enterprises), it is generally seen as a net benefit to allow anybody to write and publish software. Oftentimes the most imaginative new products come from individuals or small groups of independent developers. Also, software is one area where it is possible for small groups or individuals to produce products that are just as reliable and easy to use as corporate-produced software (sometimes even more so). Therefore enabling small developers to contribute to a mobile computing platform can help the platform remain vital and profitable for stakeholders.
For manufacturers and software/service providers, security related threats due to untrusted software must be dealt with. Even if the manufacturers and providers are not the source of untrusted software that may pose a threat, their reputations may become tarnished if their platforms are seen as easily exploited by malware. Even if software is not intentionally malicious, unreliable or corrupted software running on their platforms cause device and/or system failures, and this can reflect badly on providers and manufacturers.